- 4.4.9, rock and roll.

- MFH (manually): Fixed overflow in memnstr().

- Back to dev.

- RC1.

- Added missing NEWS items.

- a dot :)

- fix crash when some crafted font are given

upgrade PCRE to 7.7 + one additional patch to fix a security bug

- Go with PHP 4.4.8.

- Back to dev.

4.4.8RC1

- #43010, Fixed regression in imagearc with two equivelent angles

add CVE ref

report fix

- fix build
- fix regression in glob introduced by #41655 fix and add test cases

Fixed bug #41765 (Recode crashes/does not work on amd64)

mysql fix

MFB: Fixed bug #41628 (PHP settings leak between Virtual Hosts in Apache 1.3).

MFB: Fixed bug #41655 (open_basedir bypass via glob())

Human readable..

record fixes

MFB: WDDX deserialize numeric string array key

- MFH:#41630, segfault when an invalid color index is present in the image
  data

MFB: Improved fix for MOPB-02-2007

MFH: Fixed an interger overflow inside chunk_split(), identified by Gerhard
Wagner

fix news

note on max_input_nesting_level

- MFH: libgd #86: Fixed possible infinite loop in libgd/gd_png.c, fix test
    (Reported by Xavier Roche)

fix #38798 (OpenSSL init corrected in php5 but not in php4)

- Back to dev.

- 4.4.7 preparations.

- Fixed bug #41252 (Calling mcrypt_generic without first calling
  mcrypt_generic_init crashes).

- MFH: libgd #74, gdImageFilledArc, huge CPU usage with large angles

fix for #38236

- Back to -dev.

- 4.4.7RC1.

MFH: fix #40998 (long session array keys are truncated)

MFB: MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation

revert by request of Derick

fix #40586 (_ENV vars get escaped when magic_quotes_gpc is on)

MFH: fix #40915 (addcslashes unexpected behavior with binary input)

Bug fixes

MFB:  Fixed MOPB-26-2007 mb_parse_str() can be used to activate
register_globals

clarify

fix for mopb-24

fix #40831 (cURL extension doesn't clean up the buffer of reused handle)

MFB: Fixed MOPB-22-2007 PHP session_regenerate_id() Double Free Vulnerability.

mopb 8 fix

- add summary of the CVE

Bug fixing news

- NEWS entry for the ft cve

- MFH: CVE-2007-1001, integer overflow with invalid wbmp images

fix #40747 (possible crash in session when save_path is out of open_basedir)

- Back to dev.

- Go with 4.4.6.

fix #40635 (segfault in cURL extension)

fix #40611 (possible cURL memory error)

- Back to -dev.

- Go with RC1.

MFH: fix #40578 (imagettftext() multithreading issue)

Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed)

BFN

upgrade bundled PCRE to version 7.0

- Back to -dev.

- Package 4.4.5.

fix #40335 (Compile fails when using GCC 4.1.1/binutils 2.17)

- Back to -dev.

- Go with RC2.

backported fix for ext/imap compilation failure with recent c-client versions
(fixes #39401)

- Backported a fix in the configure tests to detect the "rounding fuzz".

- Move ext/ovrimos to PECL.

Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the
class).

Fixed bug #39819 (Using $this not in object context can cause segfaults)

- Back to -dev

- 4.4.5rc1

MFH: Fixed bug #39971 (pg_insert/pg_update do not allow now() to be used for
timestamp fields).

MFH: fix bug #39890 (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path)

MFH: fix bug #39458

MFH

MFH: Added a meta tag to phpinfo() output to prevent search engines from
indexing the page.

MFH: fix #39583 (ftp_put() does not change transfer mode to ASCII)

MFH: Fixed bug#36975 (natcasesort() causes array_pop() to misbehave)

MFH: Fixed bug #38456 (Apache2 segfaults when virtual() is called in .php
ErrorDocument).

revert incorrect patch for bug #39129

MFH: Fixed bug #39354 (Allow building of curl extension against libcurl
7.16.0)

BFN

MFH: fix bug #38882 (ldap_connect causes segfault with newer versions of OpenLDAP)

BFN

MFH: Fixed bug #39034 (curl_exec() with return transfer returns TRUE on
empty files).

MFB: Fixed missing open_basedir check inside chdir() function.

MFH: Fixed bug #38859 (parse_url() fails if passing '@' in passwd).

MFH: Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()).

MFH: fix #34066 (recursive array_walk causes segfault)
add test

pcre news

BFN
though, the leak is still there, we can't fix that in 4_4

Fixed bug #37812 aggregate_methods_by_list fails to take certain methods
Add test

fix #38450 (constructor is not called for classes used in userspace stream wrappers)

fix #38378 (wddx_serialize_value() generates no wellformed xml)

- Back to dev.

- Go with 4.4.4.

- Back to -dev

- Go with RC1.

MFH: fix #38431 (xmlrpc_get_type() crashes PHP on objects)

- Fixed a memory corruption error with an invalid foreach() call.

MFH: Various security fixes

MFH: Fixed bug #38377 (session_destroy() gives warning after
session_regenerate_id()).

MFB: Fixed bug #37265 (Added missing safe_mode & open_basedir checks to
imap_body()).

MFH: fix #38322 (reading past array in sscanf() leads to arbitary code execution)

re-apply fix for #38251 (socket_select() and invalid arguments)

BFN

- Back to dev

- Go with 4.4.3.

MFH:- Fixed bug #38183 (disable_classes=Foobar causes disabled class to be called Foo)

- MFH #38112, bad code size segfault

- MFH Fixed Bug #29538 number_format and problem with 0

- Back to dev.

- Go with RC2.

bug fixing news

- MF51: Fixed XSS inside phpinfo() with long inputs.

BFN: - Fixed bug #37720 (merge_php_config scrambles values). (Mike,
       pumuckel at metropolis dot de)

MFH: Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters).

MFH: Fixed handling of extremely long paths inside tempnam() function.

- Back to dev

- Go with 4.4.3RC1

MFH: Added control character checks for cURL extension's
open_basedir/safe_mode checks.

Fixed a possible buffer overflow inside create_named_pipe() for Win32
systems in libmysql.c.

- MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure

- MFH: #37346, invalid colormap format
- MFH: #37360, bad gif size

MFH: Fixed bug #37348 (make PEAR install ignore open_basedir).

MFH: Fixed bug #37162 (wddx does not build as a shared extension).

MFH: Fixed bug #37045 (Fixed check for special chars for http redirects).

Fixed bug #37046 (foreach breaks static scope)

MFH: Fixed bug #36857 (Added support for partial content fetching to the
HTTP streams wrapper).

fix news (re-order)

BFN

MFH: Added overflow checks to wordwrap() function.

*** empty log message ***

MFH: Fixed bug #36459 (Incorrect adding PHPSESSID to links, which
contains \r\n).

MFH: Fixed bug #36458 (sleep() accepts negative values).

Fixed bug #36205 (Memory leaks on duplicate cookies)

MFH: fix #36242 (Possible memory corruption in stream_select())

fix #36223 (curl bypasses open_basedir restrictions)

MFH: Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character
to the end of the string).

fix bug #36017 (fopen() crashes PHP when opening a URL)
+ fix incosistency in macro usage

MFH: Added a check for special characters in the session name.

- Back to dev.

- Fixed year.

- Go with 4.4.2.

- Back to devel.

- Go with RC2.

MFH: Fixed bug #35669 (imap_mail_compose() crashes with
multipart-multiboundary-email).

MFH: Fixed bug #35817 (unpack() does not decode odd number of hexadecimal
values)

- BFN

- Fixed bug #35735 ($EGREP and $SED are not defined in configure)

MFH: Fixed bug #35571 (Fixed crash in Apache 2 SAPI when more then one php
script is loaded via SSI include).

MFH: Fixed bug #35655 (whitespace following end of heredoc is lost).

fix #35646 (%{mod_php_memory_usage}n is not reset after exit)
patch by vovik at getart dot ru

MFH: Fixed bug #35594 (Multiple calls to getopt() may result in a crash).

MFH: Fixed bug #33523 (Memory leak in xmlrpc_encode_request()).

MFH: Fixed bug #34359 (Possible crash inside fopen http wrapper).

MFH: Fixed bug #30760 (Remove MessageBox on win32 for E_CORE errors if
display_startup_error is off).

MFH: Prevent header injection by limiting each header to a single line.

MFH: Fixed possible XSS inside error reporting functionality.

MF51:
fix #35536 (mysql_field_type() doesn't handle NEWDECIMAL)
add also SET, ENUM, NEWDATE and GEOMETRY to the switch

MFH: Fixed bug #35062 (socket_read() produces warnings on non blocking
sockets).

MFH: Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys
properly).

MF51: fix #35341 (Fix for bug #33760 breaks build with older curl)

MFH: Fix #33201 Crash when fetching some data types

MFH Fix #33963. mssql_bind fails on input parameters

MFH: Fix #32009 crash when mssql_bind() is called more than once

MFH: Fix #33153 Crash in mssql_next_result().

MFH: Fixed bug #35278 (Multiple virtual() calls crash Apache 2 php module).

fix news

- Back to -dev.

- Go with 4.4.2RC1.

MFH: Resolve Apache 2 regression with sub-request handling on non-linux
systems.

MFH: fix #35079 (stream_set_blocking(true) toggles, not enables blocking)
patch by askalski at gmail dot com

fix #35257 (Calling ob_flush after creating an ob callback causes segfault)
***
The issue is 4.x specific and cannot be reproduced in 5.x, because in 5.x we
allocate empty strings, while in 4.x we're using empty_string macro.
***

reorder

fix news

fixed the order.

NEWS updated.

Fixed bug #35009 (ZTS: Persistent resource destruct crashes when extension is compiled as shared)

MFH: Fixed bug #31971 (ftp_login fails on some SSL servers).

MFH: - Fixed bug #35078 (configure does not find ldap_start_tls_s)

BFN

Syncornize code with CS/error handling from 5.X
MFH crash fixes for imap_mailcompose function.

- fixed bug #34851 (SO_RECVTIMEO and SO_SNDTIMEO socket options expect integer
  parameter on Windows)

Fixed bug #35067, #35063 (key(),current() need to work by reference).

Fixed bug #35059 (Apache2 crash with mod_rewrite).

- MFH: thread safe SSL crypto locks, fixes bug #33760

MFH: Additional open_basedir/safe_mode checks.

- Back to -dev

BFN

- Merge 4.4.1 and 4.4.1RC1 entries.

- Go with PHP 4.4.1 - release on Monday.

MFH: Fixed bug #29983 (PHP does not explicitly set mime type & charset).

MFH: Properly fixed bug #34456 (original patch completely reverted).

MFH: - Fixed bug #34850 (--program-suffix and --program-prefix not included in man page names)

- MF50: Fixed access to an uninitialised variable.